
Why are these Google cloud fuzzers hitting our site? How does attekett_dom_fuzzer work on images?

@Dunderdale272

Posted in: #Google #Security

Noticing today that there is yet another strange visitor hitting our server/site from a Google IP. It came via a path to an old image that was never linked out to my knowledge. This disturbs me because it has a localhost referer with script strings dealing with "Fuzzing".

104.197.36.79 (09/24/2015 11:07:38 AM) - Referrer pointing to their list of fuzz test cases running as a web service on the local machine: 127.0.0.1:8000/fuzzer-testcases-disk/fuzz-599.html
Looking in Google reveals that handfuls of other sites have seen this referrer recently (even today) as well. The HTML file changes though; in those other examples it may be "fuzz-88", "fuzz-374", "fuzz-686", or even under random hash folders with a new plugin such as "fuzz-extension-run-65".

EDIT: They are still hitting us with fuzzers every single day, directed at our image folder(s). They all seem to come from Google cloud, and all now seem to have the "attekett_dom_fuzzer" referrer: 10.240.17.73:8003/fuzzers/attekett_dom_fuzzer/attekett_surkujs_data/samples/samples-html/fuzz-72.html
Here is the list of 291 offending IPs fuzzing since March 2015. Any Googler have thoughts or insights on what this is?


1 Comment

@Si4351233

The IPs in question track to Google Cloud and not the Google crawlers specifically. What this indicates is that someone has subscribed to one or more virtual servers on Google Cloud to run their code (more common now), and this could indeed be malicious. A good practice is to block localhost referrers as a matter of course, as these should generally not be targeting your site; however, that won't fully prevent this from happening. A good thing to do at this point, if you have the time and energy, is to block the offending IPs in your firewall rules, and to record the offending IPs and send them to the Google Cloud abuse team using the form located at support.google.com/code/contact/cloud_platform_report?hl=en, which will then let Google investigate the offence. If this is happening against you, there is a good chance it is happening to others as well.

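An added example, not part of the original thread: one way to find the requests described above by scanning an access log for a Referer whose host is loopback or private, then tallying the client IPs for a firewall rule or abuse report. It assumes Apache/Nginx combined log format; the sample lines, client addresses (documentation ranges) and function names are constructed, and only the two referrer strings come from the question.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def referer_host(referer):
    """Host part of a Referer value, whether or not it carries a scheme."""
    if not referer or referer == "-":
        return None
    if "://" not in referer and not referer.startswith("//"):
        referer = "//" + referer          # lets urlsplit see a netloc
    try:
        return urlsplit(referer).hostname
    except ValueError:                    # malformed bracketed IPv6 etc.
        return None

def is_internal_host(host):
    """True for localhost, loopback, RFC 1918 or link-local addresses."""
    if host is None:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                    # an ordinary DNS name
        return False
    return addr.is_loopback or addr.is_private or addr.is_link_local

def internal_referer_hits(lines):
    """(client_ip, path, referer) for every line with an internal Referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_internal_host(referer_host(m["referer"])):
            hits.append((m["ip"], m["path"], m["referer"]))
    return hits

def sources_by_count(hits):
    """Client IPs ordered by number of flagged requests."""
    return Counter(ip for ip, _, _ in hits).most_common()

# Constructed sample log; only the two referrer strings are taken from the question.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Sep/2015:11:07:38 +0000] "GET /images/old.jpg HTTP/1.1" 200 5120 "http://127.0.0.1:8000/fuzzer-testcases-disk/fuzz-599.html" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Sep/2015:09:14:02 +0000] "GET /images/old.jpg HTTP/1.1" 200 5120 "10.240.17.73:8003/fuzzers/attekett_dom_fuzzer/attekett_surkujs_data/samples/samples-html/fuzz-72.html" "Mozilla/5.0"',
    '198.51.100.20 - - [25/Sep/2015:09:15:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "https://www.example.com/" "Mozilla/5.0"',
    '198.51.100.21 - - [25/Sep/2015:09:16:44 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

The Referer header is supplied by the client, so a match is a triage signal for which source addresses to review rather than a control that stops the traffic.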